Re: [Libevent-users] evhttp and TLS hostname validation
On 12/10/2012 03:05 AM, Patrick Pelletier wrote:
> So I had been thinking it couldn't be done with the callback. However, after re-reading the manpage for SSL_CTX_set_verify, it sounds like it does get called on success, and is given the opportunity to fail the connection. So perhaps I could call validate_hostname() from inside the callback after all. I just haven't seen it done that way, but I'll give it a try and see if it works.

The problem with this is that the callback set with SSL_CTX_set_verify is called once for *each* certificate in the chain, starting with the certificate authority, working its way through the intermediate certificates (if any) and ending with the server's certificate. The server certificate is the one I want to check the hostname of. But how do I tell when my callback is being called for the *last* time? That seems to be a fundamentally intractable problem.

> The moment to do this:
> ...
> - SSL_connect() returns without a failure
> - continue handing over the (SSL *)
> ...

Yeah, I'd been thinking that might be the only way to do it, before I went back and re-read the SSL_CTX_set_verify documentation. But it seems like the disadvantage of doing the connect before handing the SSL over to libevent is that then the connect has to be synchronous, right? The handshake wouldn't be event-driven.

So, is that what everybody else does? Just do the handshake synchronously and then hand it over to libevent after performing the handshake and checking the certificate?

--Patrick

***
To unsubscribe, send an e-mail to majord...@freehaven.net with
unsubscribe libevent-users in the body.
Re: [Libevent-users] evhttp and TLS hostname validation
On 12/10/2012 03:05 AM, Patrick Pelletier wrote:
> There is a SSL_CTX_set_cert_verify_callback, but the iSECPartners document says very strongly never to use it, at the bottom of page 2:
> https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openssl.pdf?raw=true

I've decided to ignore that advice and go ahead and use it. My rationale is that if SSL_CTX_set_cert_verify_callback() is not called, then X509_verify_cert() is used as the callback (from examining the OpenSSL source code). As long as my callback calls X509_verify_cert() first, then I'm essentially "wrapping" the default behavior, rather than replacing it, so it seems like that should be safe. And this lets me insert the hostname validation at the point where it needs to be (after the entire certificate chain has been verified, rather than as each certificate in the chain gets verified, which was my issue with SSL_CTX_set_verify).

So, I think I've solved my problem now, but I do feel a little dubious about the whole thing, since I'm using functions I don't fully understand, in security-critical code, without following a known example. I'd certainly appreciate any feedback about whether I'm doing this the right way or not.

Thanks,

--Patrick
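The ordering the thread settles on (run the default chain verifier first, then check the hostname against the leaf certificate only) and the matching rules a validate_hostname()-style check needs (SAN dNSName entries take precedence over the subject CN; a wildcard is allowed only as the whole left-most label), modelled as an added example that is not code from the thread or from the ssl-conservatory project. It is written in Python rather than against the OpenSSL C API, uses the dict layout of Python's ssl getpeercert() for certificates, and the chain_verifier callable and both sample certificates are constructed for illustration.

```python
def _match_dns_name(pattern: str, hostname: str) -> bool:
    """Match one dNSName/CN pattern against a hostname, RFC 6125 style.
    A single '*' is accepted only as the entire left-most label, and only
    when at least two labels follow it (so '*.com' never matches)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[2:]:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Check the *leaf* certificate against the name the client meant to reach.
    `cert` follows the ssl.SSLSocket.getpeercert() dict layout (assumption).
    SAN dNSName entries are authoritative; the subject commonName is consulted
    only when the certificate carries no dNSName SAN at all."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        return any(_match_dns_name(n, hostname) for n in dns_names)
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "commonName":
                return _match_dns_name(v, hostname)
    return False


def verify_peer(chain_verifier, cert: dict, hostname: str) -> bool:
    """Wrapper in the spirit of the thread: run the default chain verifier
    first (X509_verify_cert in OpenSSL terms) and, only when the whole chain
    is trusted, apply the hostname check to the leaf. A hostname match never
    rescues an untrusted chain, and a trusted chain for the wrong name fails."""
    if not chain_verifier(cert):
        return False
    return hostname_matches(cert, hostname)


# Constructed sample certificates (not real certificates).
SAN_CERT = {
    "subject": ((("commonName", "wrong.example.net"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "mail.example.org"),),)}

if __name__ == "__main__":
    trusted_chain = lambda cert: True  # stand-in for a successful X509_verify_cert()
    print(verify_peer(trusted_chain, SAN_CERT, "www.example.com"))
```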